Full Disclosure mailing list archives
Re: Obama Order Sped Up Wave of Cyberattacks Against Iran
From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Mon, 11 Jun 2012 14:47:20 +1200
Laurelai wrote:
... really i ask a simple question on how to avoid state sponsored malware that runs exclusively on windows platforms and not a single one of you said anything about using an alternate OS, some of you insisted in fact we should just lie down and take it. You aren't security experts you are scam artists. Makes me wonder if you are paid to act this way or if you all really just didnt consider it. Either answer is pretty chilling.
I was trying to keep right out of this one, but... OK -- that was not actually quite what you asked, but as you have now asked it this way, I'll reply to this version of your question. The "state-sponsored malware" you're talking about arose as part of a plan to execute a (more-or-less) targeted attack. That meant that it had to target the OS of the intended victim(s). Not much use writing a brilliant attack against IIS 7 when the target's webserver runs Apache 2.2.21 on some BSD. "Not running Windows", as a general policy to adopt in order to prevent yourself or your organization from potentially feeling the unintended side-effects of some state-sponsored malware "going feral", will likely be about as useful as "not running Windows" as a general policy to avoid malware (under the assumption that likely targets of state- sponsored malware will sample target platforms in roughly the same way that the rest of the population will). As changing the whole of your IT infrastructure, recovering the value of the training, experience, etc of your staff in using that infrastructure, etc, etc, is something that most organizations either have not consdered, or have considered and (mostly) rejected, you will have to show us a major additional increase in risk that state- sponsored malware brings to the table before the ROI of changing IT infrastructure starts to stack up economically. Just tacking the adjective "state-sponsored" in front of the term does not do that (well, except, perhaps, for a few folk at the really mal- adjusted ends of some or other psychiatric spectra). Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran, (continued)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Thor (Hammer of God) (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Thor (Hammer of God) (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Thor (Hammer of God) (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Benji (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Benji (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Nick FitzGerald (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran valdis . kletnieks (Jun 10)
- Message not available
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Ian Hayes (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 10)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Ian Hayes (Jun 08)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Ian Hayes (Jun 08)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 08)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Григорий Братислава (Jun 08)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Laurelai (Jun 08)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Memory Vandal (Jun 08)
- Re: Obama Order Sped Up Wave of Cyberattacks Against Iran Bzzz (Jun 08)